OWA > Multiple AD Sites > Simplified URL > and Proxy (Full Version)

All Forums >> [Microsoft Exchange 2007] >> Outlook Web Access



Message

jimigisme -> OWA > Multiple AD Sites > Simplified URL > and Proxy (24.Jun.2008 1:16:42 PM)

Setup: 
Site 1:
Server 1EX 2K7 – CAS – HUBT (Internet facing)
Server 2 EX 2K7 – MAILBOX
Server 3 EX 2K3 - MAILBOX

Site 2:
Server 4 EX 2K7 – MAILBOX – CAS – HUBT (non internet facing)
Server 5 EX 2K3 – MAILBOX

I am trying to setup CAS PROXYING from the Internet facing CAS box in site 1 to the Internal CAS BOX in site 2 and the EX2K3 boxes.

I have setup the simplified OWA URL by following this article:
http://technet.microsoft.com/en-us/library/aa998359(EXCHG.80).aspx I have the Home directory on both servers set to /Exchange and the custom 403;4 Error page set to the SSLRedirect.htm.

Here is the issue:

I can connect to server 1 (internet facing) – I can access mailboxes on Server 2 and Server 3.
But when the proxy from Server 1 to Server 4 happens the redirect takes me to the Internal URL for OWA, which is set to https://server name.domain.com. Being that this is not a internet facing server and I don’t have or want a External DNS entry for https://servername.domain.com – the URL is dead.
I don’t want to have my users enter the long url of OWA and Exchange, so how do I resolve the proxy abilities in the situation?

Thank you



npatang -> RE: OWA > Multiple AD Sites > Simplified URL > and Proxy (24.Jun.2008 1:37:24 PM)

This is wht my understanding is Proxy.

To access Exchange 2007 server mailboxes on Site 2 we just need the integrated Authentication on OWA VDIR on Server 1 and server 4, it use kerberos for proxying. For proxying make sure that on Server 4 we don't have the external URL set on OWA VDIR.

To access Exchange 2003 mailbox on Site 2 .. server 1 should direct communicate with server 5 port 80.. make sure that SL should not be enalbe on exchange VDIR on server 1 and server 5.

You don't have to make any DNS entry for internal FQDN as when your request will be proxy from server 1 to server 4 the URL on the IE will not change.. ( make sure that external URL is not set )..   Internal URL is transparenr for users.... who are on internet.

let me know if this make some sense to you...




jimigisme -> RE: OWA > Multiple AD Sites > Simplified URL > and Proxy (24.Jun.2008 1:43:07 PM)

You are correct, those permissions are set and the external URL on the internal CAS server is not set.

The problem here is the simplified name requires a custom redirect, this SSLredirect.htm requires a url embeded. This url is set to the same address as the internal URL on the non-internet facing CAS box. Sooooo, IE does not retain the appropriate address while doing the proxy, it acutally changes to the internal name of the non internet facing CAS box, therfore it cannot be reached.



npatang -> RE: OWA > Multiple AD Sites > Simplified URL > and Proxy (24.Jun.2008 1:48:09 PM)

Is there is any specific reason we have enable SSL redirection..



jimigisme -> RE: OWA > Multiple AD Sites > Simplified URL > and Proxy (24.Jun.2008 1:56:32 PM)

Yes - in my first post I mentioned that we are using the simplified URL for OWA, setup according to:
http://technet.microsoft.com/en-us/library/aa998359(EXCHG.80).aspx



npatang -> RE: OWA > Multiple AD Sites > Simplified URL > and Proxy (24.Jun.2008 3:01:37 PM)

A Simple rule of redirection is : To whatever URL you are redirecting from HTTP to HTTPS it should be resolvable from internet.. bcz while redirecting the OWA URL changes in the IE..



jimigisme -> RE: OWA > Multiple AD Sites > Simplified URL > and Proxy (24.Jun.2008 3:15:33 PM)

Yes I understand redirection.

The issue here is combining the proxy functionality of CAS in two AD sites + using the simplified OWA URL method.

When you combine these two, you end up sending users to the internal URL of the server in the second AD site.

CAS proxy is built to provide you with the ability to have one internet facing CAS box, this works fine as long as you dont use the simplified OWA URL Method, I am trying to figure out how to combine those two things.

Is this clear?



npatang -> RE: OWA > Multiple AD Sites > Simplified URL > and Proxy (24.Jun.2008 4:12:57 PM)

Simplified URl has to be done on the internet facing CAS.. no need to do it on the non internet CAS.... and the url entered in it has to be the external URL not the internal  URL.



jimigisme -> RE: OWA > Multiple AD Sites > Simplified URL > and Proxy (24.Jun.2008 4:30:14 PM)

I tried setting it up where the non-internet facing CAS box is not using the simplified URI - that does not work. The site is not available.

According to the KB - The non-internet facing CAS box should not have an External address setting.




Page: [1]